Gemini in Security Command Center

Gemini in Security Command Center, which is a product in the Gemini for Google Cloud portfolio, provides the following assistance with cloud security and enterprise security operations:

  • Generate UDM search queries from natural language questions. Gemini in Security Command Center can translate simple natural language questions about your threat data into UDM Search queries that you can run against UDM events.

  • Summarize cases. The AI Investigation widget looks at a whole case (alerts, events, and entities) and provides you with an AI-generated case summary of how much attention the case might require. The widget also helps you better understand the security issue by summarizing the alerts and by providing recommendations for the next steps you can take to remediate the issue.

  • Explain attack paths. Gemini in Security Command Center provides dynamically generated explanations of the attack path visualizations that are generated by the attack path simulations feature of Security Command Center.

Learn how and when Gemini for Google Cloud uses your data. As an early-stage technology, Gemini for Google Cloud products can generate output that seems plausible but is factually incorrect. We recommend that you validate all output from Gemini for Google Cloud products before you use it. For more information, see Gemini for Google Cloud and responsible AI.

Features

The following table shows the Gemini features in Security Command Center, along with links to documentation:

Task Type of assistance Product documentation
Generate UDM Search queries for threats with natural language questions
  • Translate a natural language question into a UDM Search query that you can run against UDM events for threat investigations.
Natural language search for threat investigations
Summarize cases
  • Provide an AI-generated summary of how much attention the case might require.
  • Summarize the alerts data to understand the risk.
  • Recommend steps for remediation of the issue.
AI Investigation widget for cases
Explain attack paths
  • Provide an AI-generated explanation of the attack path that an attacker could use to reach your high-value resources.
Gemini summaries of findings and attack paths

Where to interact with Gemini in Security Command Center

You can find the Gemini features in the Premium and Enterprise tiers of Security Command Center.

Attack path AI summaries

If you are using the Premium or Enterprise tier of Security Command Center, you can open the AI summary of an attack path for a vulnerability or misconfiguration finding by clicking AI summary on the Attack path simulation details page of the finding.

Case AI summaries

If you are using the Enterprise tier of Security Command Center, you can find the AI Investigation widget that displays the AI summaries for cases under the Case Overview tab on the Cases page in the Security Operations console.

UDM search queries from natural language questions

If you are using the Enterprise tier of Security Command Center, you can enter your natural language questions about your threat data on the SIEM search page, which you can find in the Investigations menu.

Set up Gemini in Security Command Center

Attack path summaries are included in Security Command Center Premium tier and the Enterprise tier.

Case AI summaries and UDM search queries are included in Security Command Center Enterprise tier.

No additional setup steps are required.

What's next